Summary: | <dev-python/bottle-0.12.12: redirect() doesn't filter "\r\n" which allows for CRLF attack (CVE-2016-9964) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | python |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1405416 | ||
Whiteboard: | B4 [noglsa cve] | ||
Package list: |
=dev-python/bottle-0.12.12
=dev-python/mako-1.0.0 hppa ppc64
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-12-19 13:40:24 UTC
@ Maintainer(s): Please bump to >=dev-python/bottle-0.12.11

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=95bde71ab7a933fccd4635ebdc6d09b6b223a758

commit 95bde71ab7a933fccd4635ebdc6d09b6b223a758
Author: Mike Gilbert <floppym@gentoo.org>
Date: Sun Jan 8 19:38:20 2017 -0500

dev-python/bottle: bump to 0.12.12

Package-Manager: Portage-2.3.3_p19, Repoman-2.3.1_p12

dev-python/bottle/Manifest | 1 +
dev-python/bottle/{bottle-0.12.9.ebuild => bottle-0.12.12.ebuild} | 4 ++--
2 files changed, 3 insertions(+), 2 deletions(-)

@ Arches, please test and mark stable: =dev-python/bottle-0.12.12

An automated check of this bug failed - repoman reported dependency errors (5 lines truncated):
> dependency.bad dev-python/bottle/bottle-0.12.12.ebuild: DEPEND: hppa(default/linux/hppa/13.0) ['dev-python/mako[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)]']
> dependency.bad dev-python/bottle/bottle-0.12.12.ebuild: DEPEND: ppc64(default/linux/powerpc/ppc64/13.0/64bit-userland) ['dev-python/mako[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)]']
> dependency.bad dev-python/bottle/bottle-0.12.12.ebuild: DEPEND: ppc64(default/linux/powerpc/ppc64/13.0/64bit-userland/desktop) ['dev-python/mako[python_targets_python2_7(-)?,-python_single_target_python2_7(-),python_targets_python3_4(-)?,-python_single_target_python3_4(-),python_targets_python3_5(-)?,-python_single_target_python3_5(-)]']
@ Arches, hppa and ppc64 also need to stabilize the missing required =dev-python/mako-1.0.0 package

amd64 stable

x86 stable

arm stable

ppc stable

Stable for HPPA.

Stable on alpha.

ia64 stable

sparc stable

ppc64 stable. Maintainer(s), please cleanup. Security, please vote.

commit 1622c3d10b3d3e52fad66c27e2931ca8d97b157a
Author: David Seifert <soap@gentoo.org>
Date: Wed Jan 18 11:10:55 2017 +0100

dev-python/bottle: Remove old vulnerable versions

Gentoo-bug: 603096

GLSA Vote: No